My final goal is to manage the user's access token by refresh token. I need a token from the user.
So, I tried this logic.
```csharp
var app = PublicClientApplicationBuilder.Create(clientId)
    .WithRedirectUri(redirectUri)
    .WithTenantId(tenantId)
    .Build();
var accounts = app.GetAccountsAsync().Result;
var authResult = app.AcquireTokenInteractive(scopes)
    .ExecuteAsync().Result;
var token = authResult.AccessToken;
```
An error occurs in app.AcquireTokenInteractive(scopes) after logging in with a Microsoft account. When this function is executed, a web browser is launched to prompt for login. After logging in, the browser shows a page indicating that account authentication is complete. After the Microsoft login, this page displayed "Authentication complete. You can return to the application. Feel free to close this browser tab."
And then, this is the error content:
```
System.AggregateException
HResult=0x80131500
message=One or more errors occurred. (A configuration issue is preventing authentication - check the error message from the server for details. You can modify the configuration in the application registration portal. See https://aka.ms/msal-net-invalid-client for details. Original exception: AADSTS7000218: The request body must contain the following parameter: 'client_assertion' or 'client_secret'. Trace ID: ef0f8da8-2e8b-46ce-8ee5-227b97ea0d01 Correlation ID: e830675e-b28d-48ba-9683-7f4c9bce98c1 Timestamp: 2024-07-10 09:00:43Z)
source=System.Private.CoreLib
StackTrace:
System.Threading.Tasks.Task.ThrowIfExceptional(Boolean includeTaskCanceledExceptions)
System.Threading.Tasks.Task`1.GetResultCore(Boolean waitCompletionNotification)
System.Threading.Tasks.Task`1.get_Result()throw.
1: MsalServiceException: A configuration issue is preventing authentication - check the error message from the server for details. You can modify the configuration in the application registration portal. See https://aka.ms/msal-net-invalid-client for details. Original exception: AADSTS7000218: The request body must contain the following parameter: 'client_assertion' or 'client_secret'. Trace ID: ef0f8da8-2e8b-46ce-8ee5-227b97ea0d01 Correlation ID: e830675e-b28d-48ba-9683-7f4c9bce98c1 Timestamp: 2024-07-10 09:00:43Z
```
I referred to:
- https://github.dev/microsoft/semantic-kernel/blob/9dd8604b6868a97ed41b8705bae97b2237ea30b2/dotnet/src/Skills/Skills.OpenAPI/Authentication/InteractiveMsalAuthenticationProvider.cs#L36#L5
- https://learn.microsoft.com/en-us/entra/msal/dotnet/acquiring-tokens/desktop-mobile/acquiring-tokens-interactively
```csharp
var app = PublicClientApplicationBuilder.Create("YOUR_CLIENT_ID")
    .WithDefaultRedirectUri()
    .Build();
var accounts = await app.GetAccountsAsync();
AuthenticationResult result;
try
{
    result = await app.AcquireTokenSilent(scopes, accounts.FirstOrDefault())
        .ExecuteAsync();
}
catch (MsalUiRequiredException)
{
    result = await app.AcquireTokenInteractive(scopes).ExecuteAsync();
}
```
PublicClientApplicationBuilder, which mentioned to enable "allow public client flows". Could you please help check it? In this section, we could see that public client applications can't be trusted to safely keep application secrets, so it shouldn't require a client secret. Therefore, we should enable that option.
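The following is an added example, not code from the question, the answer or Microsoft's documentation. It shows the silent-then-interactive flow with `await`, so the `MsalServiceException` is not wrapped in an `AggregateException`, and it turns AADSTS7000218 into a clear pointer to the app registration setting. `TokenHelper` and `GetAccessTokenAsync` are hypothetical names; the Microsoft.Identity.Client package is assumed.

```csharp
using System;
using System.Linq;
using System.Threading.Tasks;
using Microsoft.Identity.Client;

public static class TokenHelper
{
    // clientId, tenantId, redirectUri and scopes are placeholders supplied by the caller.
    public static async Task<string> GetAccessTokenAsync(
        string clientId, string tenantId, string redirectUri, string[] scopes)
    {
        var app = PublicClientApplicationBuilder.Create(clientId)
            .WithTenantId(tenantId)
            .WithRedirectUri(redirectUri)
            .Build();

        try
        {
            AuthenticationResult result;
            try
            {
                // Served from MSAL's token cache; MSAL redeems the cached refresh token itself.
                var accounts = await app.GetAccountsAsync();
                result = await app.AcquireTokenSilent(scopes, accounts.FirstOrDefault())
                                  .ExecuteAsync();
            }
            catch (MsalUiRequiredException)
            {
                // No usable cached token: fall back to the browser sign-in.
                result = await app.AcquireTokenInteractive(scopes).ExecuteAsync();
            }
            return result.AccessToken;
        }
        catch (MsalServiceException ex) when (
            ex.ErrorCode == MsalError.InvalidClient && ex.Message.Contains("AADSTS7000218"))
        {
            // The token endpoint asked for client_secret/client_assertion, i.e. it treated
            // this registration as a confidential client. Fix the registration rather than
            // embedding a secret in a desktop app, which cannot keep it confidential.
            throw new InvalidOperationException(
                "App registration is not accepted as a public client. Enable " +
                "'Allow public client flows' in the app registration. " +
                $"CorrelationId: {ex.CorrelationId}", ex);
        }
    }
}
```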